<?php
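// Refuse direct requests: the script only proceeds when the including code has
// defined IN_OP (presumably the op.php entry point the form posts to; verify).
if (!defined("IN_OP"))
{
    exit("You can't access this file directly...");
}

// Resolve whose password this page operates on.
//   - Sub-account session: load account name and stored password digest from
//     k_user by the id kept in the session.
//   - Otherwise: use the already-loaded $curruser record.
// $showPass is later compared with md5() of the submitted old password, so it
// holds an unsalted MD5 hex digest.
if (isset($_SESSION['subaccount']))
{
    $showName = "";
    // The id is concatenated unquoted into the SQL text, so it is forced to an
    // integer here. Session data is server-side, but whatever wrote it is not
    // visible in this file, and an unquoted numeric slot accepts arbitrary SQL
    // if the value is ever a non-numeric string.
    $rs = getdb("SELECT account, pass FROM k_user WHERE id =" . (int) $_SESSION['subaccount'] . " LIMIT 1");
    if ($rs->eof)
    {
        // No such row: stop instead of continuing with undefined account data.
        exit("error -p");
    }
    $showAccount = $rs->f[0]; // column "account"
    $showPass = $rs->f[1];    // column "pass"
}
else
{
    $showName = $curruser['name'];
    $showAccount = $curruser['account'];
    $showPass = $curruser['pass'];
}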
// Page chrome and template objects used by the rest of the script; $msg
// accumulates validation errors as an HTML fragment.
$ui = new UI_3D(1);
$tpl = new Template2();
$msg = "";
// Weekday (0-6) of the clock shifted back 14400 s (4 h), so the selected key
// file changes at 04:00 server time rather than at midnight.
$w = date("w", time() - 14400);
// The path is built only from date("w"), never from request data.
// NOTE(review): the included file runs in this scope and is expected to define
// $g_chkKeyArr, which is read below; its contents are not visible here.
include( "./#inc/00{$w}.php" );
// Index into the key table by day-of-month mod 15 and hour mod 40 (hours are
// 0-23, so the second modulo never wraps).
$idxKey = date("d") % 15;
$idxKey2 = date("H") % 40;
// $enKey is one byte (0-255) used as the XOR key for both password fields.
// The same value is written into the page's JavaScript (the "decodeJsStr"
// template variable further down), so anyone who can read the response can
// read the key: this obfuscates the form fields, it does not encrypt them.
// Confidentiality in transit has to come from TLS.
// The key is recomputed from the clock on every request, so a form rendered
// before an hour/day boundary and submitted after it may be decoded with a
// different key than the one the browser used.
$enKey = ord($g_chkKeyArr[$idxKey][$idxKey2]);
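// Handle a submitted change-password form.
//
// Wire format: the page's JavaScript replaces each field with "AAA" followed
// by one zero-padded 3-digit decimal group per character, each group being the
// character code XOR $enKey. The server splits on 3 characters, skips the
// "AAA" prefix (index 0) and reverses the XOR. Because $enKey is also sent to
// the browser, this is obfuscation only.
//
// NOTE(security): passwords are stored and compared as unsalted MD5 digests.
// Moving to password_hash()/password_verify() needs a change to the stored
// values and to the login path, neither of which is in this file, so it is
// flagged here rather than changed.
if (ispost())
{
    $newpass = getslashes(getvar("newpass"));
    $oldpass = getslashes(getvar("oldpass"));
    if ($newpass == "" || $oldpass == "")
    {
        // "Password must not contain special characters or be blank"
        $msg .= "密码不可有特殊字元不可空白<br />";
        $newpass = "";
    }
    else
    {
        // Decode the new password. Each group must be exactly three decimal
        // digits: the request body is untrusted, and a non-numeric group would
        // otherwise be coerced by the XOR (silently to 0 on old PHP, a
        // TypeError on PHP 8) instead of being rejected.
        $passArr = str_split($newpass, 3);
        $passL = count($passArr);
        $passN = "";
        $passOk = true;
        $i = 1;
        while ($i < $passL)
        {
            if (strlen($passArr[$i]) !== 3 || !ctype_digit($passArr[$i]))
            {
                $passOk = false;
                break;
            }
            $passN .= chr((int) $passArr[$i] ^ $enKey);
            ++$i;
        }
        if (!$passOk || getslashes($passN) == "")
        {
            $msg .= "密码不可有特殊字元不可空白<br />";
            $newpass = "";
        }
        else
        {
            $newpass = $passN;
        }

        // Decode the old password the same way.
        $passArr = str_split($oldpass, 3);
        $passL = count($passArr);
        $passN = "";
        $passOk = true;
        $i = 1;
        while ($i < $passL)
        {
            if (strlen($passArr[$i]) !== 3 || !ctype_digit($passArr[$i]))
            {
                $passOk = false;
                break;
            }
            $passN .= chr((int) $passArr[$i] ^ $enKey);
            ++$i;
        }
        if (!$passOk || getslashes($passN) == "")
        {
            $msg .= "密码不可有特殊字元不可空白<br />";
            $oldpass = "";
        }
        else
        {
            $oldpass = $passN;
        }

        // All checks below use strict comparison and an explicit empty-string
        // test. Loose == compares numeric-looking strings as numbers, so two
        // different digests (or passwords) that both parse as numbers could
        // compare equal, and a truthiness test would skip the check entirely
        // for the password "0".
        if ($newpass !== "" && $newpass === $oldpass)
        {
            // "New and old password must differ"
            $msg .= "新旧密码不可相同<br />";
            $oldpass = "";
        }
        if ($newpass !== "" && $newpass === (string) $showAccount)
        {
            // "New password must not equal the account name"
            $msg .= "新密码不可和帐号相同<br />";
            $newpass = "";
        }
        if ($oldpass !== "" && md5($oldpass) !== (string) $showPass)
        {
            // "Old password is wrong"
            $msg .= "旧密码错误<br />";
            $oldpass = "";
        }
    }
    // Proceed only with no validation errors and a new password of at least
    // six bytes. NOTE(review): a shorter new password with no other error
    // falls through to the form without any message.
    if ($msg == "" && 5 < strlen($newpass))
    {
        // Ids go into the SQL text unquoted, so force them to integers. The
        // digests are md5() output (hex only) and need no escaping.
        $targetId = isset($_SESSION['subaccount']) ? (int) $_SESSION['subaccount'] : (int) $curruser['id'];
        // The WHERE clause re-checks the old digest, so the row changes only
        // if the stored password still matches at write time.
        // NOTE(review): the result of the update is not inspected; the success
        // page is shown even if no row matched.
        getdb("update k_user set pass='" . md5($newpass) . "', chgpwdt = " . time() . " where id=" . $targetId . " and pass = '" . md5($oldpass) . "'");
        // End the current session so the user has to sign in with the new password.
        $user->logout();
        $msg = "<p>更改密码成功！</p><p>你必须用新密码重新登入，4秒内会自动登出，或 <input type=\"button\"  value=\"立即登出\" class=\"colorBtnGray\" onclick=\"javascript:chgURl();\"></p>";
        $msg .= "<script> function chgURl(){window.location.assign ( 'op.php?op=core&fp=logout' ) ; } setTimeout(function(){chgURl();},4000); </script>";
        $ui->showErrorPage($msg);
        exit();
    }
}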
// Render the change-password form (template "chgpw.htm") between the site
// header and footer. Reached on a plain GET and on a POST that failed validation.
$tpl->load("main", "chgpw.htm");
$tpl->set(array(
    "action" => "op.php?op=core&fp=chgpw",
    // Validation messages built by this script; the value contains markup.
    "msg" => $msg,
    // NOTE(review): accName and myaccount come from k_user / $curruser;
    // whether Template2 HTML-escapes them is not visible here. Confirm.
    "accName" => $showName,
    // Client-side encoder for both password fields: every character code is
    // XORed with $enKey, zero-padded to three digits, and the result is
    // prefixed with "AAA". The key is embedded in the page, so the encoding
    // only obfuscates the fields; it does not replace TLS.
    "decodeJsStr" => "f.style.display = \"none\"; var pL = f.newpass.value.length; var fC = " . $enKey . ";  var nPw = 0;  var nPwStr = [];  for(var i = 0; i < pL; i++){  nPw = \"000\" + ( f.newpass.value.charCodeAt(i) ^ fC ) ;  nPwStr.push( nPw.slice(-3));  }  f.newpass.value = \"AAA\" + nPwStr.join(\"\");"
        . " pL = f.oldpass.value.length; nPw = 0; nPwStr = [];  for( i = 0; i < pL; i++){  nPw = \"000\" + ( f.oldpass.value.charCodeAt(i) ^ fC ) ;  nPwStr.push( nPw.slice(-3));  }  f.oldpass.value = \"AAA\" + nPwStr.join(\"\");",
    "myaccount" => $showAccount
));
// Page-specific CSS handed to the UI object before the header is emitted.
$ui->set("csscode", " body{ margin:5% auto; text-align: center;\t} ");
$ui->header();
$tpl->show("main");
$ui->footer();
?>